
Cisco APIC Basic Configuration Guide, Release 2.x PDF

272 Pages·2016·8.31 MB·English

Preview Cisco APIC Basic Configuration Guide, Release 2.x

Cisco APIC Basic Configuration Guide, Release 2.x
First Published: 2016-06-29
Last Modified: 2018-08-08

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)

© 2016–2017 Cisco Systems, Inc. All rights reserved.

CONTENTS

PREFACE Preface
Audience
Document Conventions
Related Documentation
Documentation Feedback
Obtaining Documentation and Submitting a Service Request

CHAPTER 1 New and Changed Information
New and Changed Information

CHAPTER 2 About Cisco ACI/APIC Configuration
Recommended Settings for the Cisco Application Policy Infrastructure Controller
About ACI/APIC Interfaces
Mixing the NX-OS Style CLI and the APIC GUI
About the Modes of Configuring Layer 3 External Connectivity
Configuration Validation

CHAPTER 3 User Access, Authentication, and Accounting
Access Rights Workflow Dependencies
User Access, Authorization, and Accounting
Multiple Tenant Support
User Access: Roles, Privileges, and Security Domains
Configuring a Local User
Configuring a Local User Using the GUI
Configuring SSH Public Key Authentication Using the GUI
Configuring a Local User Using the NX-OS Style CLI
Configuring a Local User Using the REST API
Configuring a Remote User
AV Pair on the External Authentication Server
Best Practice for Assigning AV Pairs
Configuring an AV Pair on the External Authentication Server
Configuring APIC for TACACS+ Access
Configuring APIC for RADIUS Access
Configuring a Cisco Secure Access Control Server for RADIUS and TACACS+ Access to the APIC
Configuring Windows Server 2008 LDAP for APIC Access with Cisco AVPair
Configuring APIC for LDAP Access
Changing the Default Behavior for Remote Users with Missing or Bad Cisco AV Pairs
Changing Default Behavior for Remote Users with Missing or Bad Cisco AV Pairs Using the NX-OS Style CLI
About Signature-Based Transactions
Guidelines and Limitations
Generating an X.509 Certificate and a Private Key
Configuring a Local User
Creating a Local User and Adding a User Certificate Using the GUI
Creating a Local User and Adding a User Certificate Using the REST API
Creating a Local User Using Python SDK
Using a Private Key to Calculate a Signature
Accounting
Routed Connectivity to External Networks as a Shared Service Billing and Statistics

CHAPTER 4 Management
Management Workflows
ACI Management Access Workflows
Adding Management Access
Adding Management Access in the GUI
IPv4/IPv6 Addresses and In-Band Policies
IPv4/IPv6 Addresses in Out-of-Band Policies
IPv6 Table Modifications to Mirror the Existing IP Tables Functionality
Configuring In-Band and Out-of-Band Management Access with Wizards
Configuring In-Band Management Access Using the Cisco APIC GUI
Configuring In-Band Management Access Using the NX-OS Style CLI
Configuring In-Band Management Access Using the REST API
Configuring Out-of-Band Management Access Using the Cisco APIC GUI
Configuring Out-of-Band Management Access Using the NX-OS Style CLI
Configuring Out-of-Band Management Access Using the REST API
Exporting Tech Support, Statistics, and Core Files
About Exporting Files
File Export Guidelines and Restrictions
Creating a Remote Location for Exporting Files
Sending an On-Demand Techsupport File Using the GUI
Sending an On-Demand Techsupport File Using the NX-OS Style CLI
Sending an On-Demand Tech Support File Using the REST API
Overview
Configuration File Encryption
Configuring a Remote Location Using the GUI
Configuring a Remote Location Using the NX-OS Style CLI
Configuring a Remote Location Using the REST API
Configuring an Export Policy Using the GUI
Configuring an Export Policy Using the NX-OS Style CLI
Configuring an Export Policy Using the REST API
Configuring an Import Policy Using the GUI
Configuring an Import Policy Using the NX-OS Style CLI
Configuring an Import Policy Using the REST API
Encrypting Configuration Files Using the GUI
Encrypting Configuration Files Using the NX-OS Style CLI
Encrypting Configuration Files Using the REST API
Backing up, Restoring, and Rolling Back Controller Configuration
Backing Up, Restoring, and Rolling Back Configuration Files Workflow
About the fileRemotePath Object
Configuration Export to Controller
Configuration Import to Controller
Snapshots
Snapshot Manager Policy
Rollback
Using Syslog
About Syslog
Creating a Syslog Destination and Destination Group
Creating a Syslog Source
Enabling Syslog to Display in NX-OS CLI Format, Using the REST API
Using Atomic Counters
About Atomic Counters
Atomic Counters Guidelines and Restrictions
Configuring Atomic Counters
Using SNMP
About SNMP
SNMP Access Support in ACI
SNMP Trap Aggregation
Configuring SNMP
Configuring the SNMP Policy Using the GUI
Configuring an SNMP Trap Destination Using the GUI
Configuring an SNMP Trap Source Using the GUI
Monitoring the System Using SNMP
Configuring SNMP Policy Using CLI
Using SPAN
About SPAN
SPAN Guidelines and Restrictions
Configuring a SPAN Session
Using Traceroute
About Traceroute
Traceroute Guidelines and Restrictions
Performing a Traceroute Between Endpoints

CHAPTER 5 Provisioning Core ACI Fabric Services
Time Synchronization and NTP
In-Band and Out-of-Band Management NTP
NTP over IPv6
Configuring NTP Using the GUI
Configuring NTP Using the NX-OS Style CLI
Configuring NTP Using the REST API
Verifying NTP Operation Using the GUI
Verifying NTP Policy Deployed to Each Node Using the NX-OS Style CLI
NTP Server
Enabling the NTP Server Using the GUI
Enabling the NTP Server Using the CLI
Enabling the NTP Server Using the REST API
Configuring a DHCP Relay Policy
Configuring a DHCP Server Policy for the APIC Infrastructure Using the GUI
Configuring a DHCP Server Policy for the APIC Infrastructure Using the NX-OS Style CLI
Configuring a DHCP Server Policy for the APIC Infrastructure Using the REST API
Configuring a DNS Service Policy
Configuring External Destinations with an In-Band DNS Service Policy
Dual Stack IPv4 and IPv6 DNS Servers
Dual-Stack IPv4 and IPv6 Environment
Policy for Priority of IPv4 or IPv6 in a DNS Profile
Configuring a DNS Service Policy to Connect with DNS Providers Using the GUI
Configuring a DNS Service Policy to Connect with DNS Providers Using the NX-OS Style CLI
Configuring a DNS Service Policy to Connect with DNS Providers Using the REST API
Verifying that the DNS Profile is Configured and Applied to the Fabric Controller Switches Using the NX-OS Style CLI
Configuring Custom Certificates
Configuring Custom Certificate Guidelines
Configuring a Custom Certificate for Cisco ACI HTTPS Access Using the GUI
Provisioning Fabric Wide System Settings
Configuring APIC In-Band or Out-of-Band Connectivity Preferences
Configure Quota Management Policies
Create an Enforced BD Exception List
Create a BGP Route Reflector Policy and Route Reflector Node Endpoints
Configure a Fabric Wide Control Plane MTU Policy
Create a COOP Group Policy
Configure Endpoint Loop Protection
About the Rogue Endpoint Control Policy
Limitations of the Rogue Endpoint Control Policy
Configure the Rogue Endpoint Control Policy Using the GUI
Configure Rogue Endpoint Control Using the NX-OS Style CLI
Configure the Rogue Endpoint Control Policy Using the REST API
Configure IP Aging
Disable Remote Endpoint Learning
Globally Enforce Subnet Checks
Reallocate a GIPo
Globally Enforce Domain Validation
Enable OpFlex Client Authentication
Create a Load Balancer Policy
Enable a Time Precision Policy
Enable a Global System GIPo Policy
Provisioning Global Fabric Access Policies
Create a Global Attachable Access Entity Profile
Configure the Global QoS Class Policy
Create a Global DHCP Relay Policy
Enable a Global MCP Instance Policy
Create an Error Disabled Recovery Policy
Configure a Global Port Tracking Policy

CHAPTER 6 Basic User Tenant Configuration
Tenants
Routing Within the Tenant
Layer 3 VNIDs Facilitate Transporting Inter-subnet Tenant Traffic
Router Peering and Route Distribution
Bridged Interface to an External Router
Configuring Route Reflectors
Configuring External Connectivity for Tenants
Creating Tenants, VRFs, and Bridge Domains
Tenants Overview
Tenant Creation
VRF and Bridge Domains
Creating a Tenant, VRF, and Bridge Domain Using the Advanced GUI
Deploying EPGs
Statically Deploying an EPG on a Specific Port
Deploying an EPG on a Specific Node or Port Using the GUI
Deploying an EPG on a Specific Port with APIC Using the NX-OS Style CLI
Deploying an EPG on a Specific Port with APIC Using the REST API
Creating Domains, Attach Entity Profiles, and VLANs to Deploy an EPG on a Specific Port
Creating Domains, and VLANS to Deploy an EPG on a Specific Port Using the GUI
Creating AEP, Domains, and VLANs to Deploy an EPG on a Specific Port Using the NX-OS Style CLI
Creating AEP, Domains, and VLANs to Deploy an EPG on a Specific Port Using the REST API
Deploying an Application EPG through an AEP or Interface Policy Group to Multiple Ports
Deploying an EPG through an AEP to Multiple Interfaces Using the APIC GUI
Deploying an EPG through an Interface Policy Group to Multiple Interfaces Using the NX-OS Style CLI
Deploying an EPG through an AEP to Multiple Interfaces Using the REST API
Microsegmented EPGs
Using Microsegmentation with Network-based Attributes on Bare Metal
Configuring Network-based Microsegmented EPGs in a Bare-Metal environment Using the GUI
Configuring a Network-Based Microsegmented EPG in a Bare-Metal Environment Using the NX-OS Style CLI
Configuring a Network-Based Microsegmented EPG in a Bare-Metal Environment Using the REST API
IP Address-Based Microsegmented EPG as a Shared Resource
Configuring an IP-based Microsegmented EPG as a Shared Resource Using the GUI
Configuring an IP-based Microsegmented EPG as a Shared Resource Using the NX-OS CLI
Configuring an IP-based Microsegmented EPG as a Shared Resource Using the REST API
Unconfiguring an IP-based Microsegmented EPG as a Shared Resource Using the GUI
Unconfiguring an IP-based Microsegmented EPG as a Shared Resource Using the NX-OS Style CLI
Unconfiguring an IP-based Microsegmented EPG as a Shared Resource Using the REST API
Deploying Application Profiles and Contracts
Security Policy Enforcement
Contracts Contain Security Policy Specifications
Three-Tier Application Deployment
Parameters to Create a Filter for http
Parameters to Create Filters for rmi and sql
Example Application Profile Database
Creating an Application Profile Using the GUI
Creating EPGs Using the GUI
Configuring Contracts Using the APIC GUI
Creating a Filter Using the GUI
Creating a Contract Using the GUI
Consuming and Providing Contracts Using the GUI
Configuring Contracts Using the NX-OS Style CLI
Configuring Contracts
Exporting a Contract to Another Tenant
Configuring Contracts Using the REST API
Configuring a Contract Using the REST API
Configuring a Taboo Contract Using the REST API
Verifying Contracts, Taboo Contracts, and Filters Using the REST API
Optimize Contract Performance
Optimize Contract Performance
Configure a Contract with Optimized TCAM Usage Using the GUI
Configure a Contract with Optimized TCAM Usage Using the REST API
Contract and Subject Exceptions
Configuring Contract or Subject Exceptions for Contracts
Configure a Contract or Subject Exception Using the GUI
Configure a Contract or Subject Exception Using the NX-OS Style CLI
Configure a Contract or Subject Exception Using the REST API
Intra-EPG Contracts
Intra-EPG Contracts
Configuring an Intra-EPG Contract Using the GUI
Configuring an Intra-EPG Contract Using the NX-OS Style CLI
Configuring an Intra-EPG Contract Using the REST API
EPG Contract Inheritance

Description:
Last Modified: August 23, 2016 THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE 2016 Cisco Systems, Inc. All rights reserved. to users when in bash shell (using SSH, Telnet or Serial/KVM consoles). Controllers (APICs) are online, and the APIC cluster is formed and healthy.